mattyd, thanks for all the help. I changed my LAN to use 172.xx.xx.xx ip and that resolved the issue. You were right the fact that both the VPN and LAN were using 10.x.x.x IPs was the problem. Much appreciated.

But is it possible to do a reverse ssh tunnel to be able to manage the firewall rather than using openvpn?

Hi Techies,

Please help me here.

Thank you for time in advance.

Thanks for the feedback.

Yes, the upstream switch is VLAN capable and I have no management access to it.  I've used VLAN in the past on another network but that was on Cisco switches and internal to the network (no firewall involvement).  Looks like I need to play with the interfaces area of pfsense a little to develop a feel for it.

have you viewed some of these?: https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage

I219_V should be supported by anything 2.3 or newer though: https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_3/sys/dev/e1000/if_em.c#L189

So if yours is not recognised it's not that NIC or it's some new variant with a different PCI device ID. pciconf -lv will show that though.

Steve

Okay, I found what was screwing me up…

Whilst thinking about something completely different, I realised I had Squid Proxy Server running in pfSense.

Turning off Squid fixed the issue, I'll have to try and reconfigure that for VLANs later when I have more time.

OK, I believe I am at the last state of building the iso. Please help what's wrong, I am getting this error..

_====>> Compressing kernel

Cloning everything to /usr/MYPRODUCT/tmp/stage-dir staging area…mv: rename /usr/MYPRODUCT/tmp/stage-dir/usr/local/sbin/pfSense-upgrade to /usr/MYPRODUCT/tmp/stage-dir/usr/local/sbin/MYPRODUCT-upgrade: No such file or directory
mtree: /usr/MYPRODUCT/tmp/stage-dir/var: No such file or directory
====>> Copying metadata for package rc
====>> Creating core package rc
pkg: Unable to access file /usr/MYPRODUCT/tmp/stage-dir/etc/rc:No such file or directory
====>> ERROR: Execution of 'pkg create -o /usr/MYPRODUCT/tmp/MYPRODUCT_master_amd64-core/.real_20170704-0418/All -p /tmp/rc.fBwqdvV/rc_plist -r /usr/MYPRODUCT/tmp/stage-dir -m /tmp/rc.fBwqdvV/rc_metadir' failed (rc = 70)
====>> Removing immutable flags from /tmp/rc.fBwqdvV
====>> Removing recursively /tmp/rc.fBwqdvV

####################################
Something went wrong, check errors!
####################################_

Ah there we go, it was just the firewall rules. Didn't seem to need any special outbound rules in pfsense or anything special with openwrt.
I just used these rules below and all is well.First one is a bit redundant, but I'll leave it since it doesn't hurt.

Thanks for the help!

EDIT: I just realized, since they can both access each other, I wonder if they will compete for DHCP… more testing to do.
EDIT2: I have multiple access points across the house(wired), and they are all connected to pfsense, so my laptop will get a 192.168.1.x ip. I move towards the area with the wrt1200ac(which has the same name/login as the other ap/s) and the laptop's ip changes to a 192.168.2.x ip and everything works seamlessly. I go back to the other side and the ip changes back to  192.168.1.x with pretty much no interruptions.
I'm surprised it works so well. So far I have not see any other type of DHCP competition for the wired computers or anything like that.

capture3.PNG_thumb
capture3.PNG

Hi Jonny,

did you find any solution. I ran into the same problem. I don't find a cause but sometimes my cable provider fritzbox6490 "crashes" when i am using my PCs. For no reason my wan connection stops working. The first indicator is higher pings and/or direct timeouts on 8.8.8.8, at  this point without doing something the fritz crashes within a few minutes.

6490 with Fritz 6.5 (bridge mode)
APU2C4 pfsense 2.3.4 (static wan ip)

mostly this issue happened when i was logging into an fresh bootet System (MacOS/Debian/Ubuntu/WIN7/WIN10).
First i thought dropbox sync was causing this, but it happened also on systems without dropbox.

When using my Cisco ASA5506 there is no problem. i tried several reinstallaions and different system configurations.

kind regards
ralto

@Nullity:

Hmm… Dunno. I've had an Asus RT-N66U running as an AP with pfSense as the router for years. No problems with Android, or any device.

I would be less likely to blame pfSense since there isn't much routing being done in your problematic situation. Most traffic is layer 2, so I'd suspect your WiFi devices first.

Do you have access to any low-level 802.11 logs? Are you sure the clients are initiating the disconnect?

That is what the support people on the Portal side said. I definitely want to agree with you, it doesn't make a ton of sense that the connection would work and then disconnect on the WiFi side.

I asked the Portal folks to send me the logs that indicated the client was performing the disconnect. I figured I'd get the ball rolling here in the hopes someone else had seen the issue.

I am also going to do some more thorough testing this week with the WiFi to see if i have problems, I just had to setup the Portal network again so my wife could work today (the second router acts as both a mesh node and as a bridge for her desktop at home). I will probably do something like use another port on my pfSense box for a second WiFi network and connect just my phone to it.

@Maerad:

Honestly - the whole approach to the problem is wrong IMHO…

...Secure you Windows, work with care, get a more expensive router...

...if you are not a enthusiast user that has no problem spending hours to find problems and just want the network to function, do yourself a favor and go the easy way.

@pfBasic:

In general, pfSense won't prevent you from getting viruses. That being said it will absolutely help if implemented correctly. Best all around anti-virus is still going to be your decisions on the web and on your device.

@Maerad:

Separate networks might help a bit, but in reality, it's way too much work and investment in a private home

Eh, seriously? Separate networks take a few minutes to setup and the cost of getting a web managed switch that supports 802.11q over a "dumb" switch is pretty negligible for a home use switch.

The firewall rules are not complex at all. Just write a rule on the interface you want access from to allow access to the network that contains the device you want to access…

Buy a more expensive router that has a Guest network? One of the big draws of pfSense is the ability to run it on the old computer you have sitting in the closet from 8 years ago, or a $50 eBay/craigslist special. Out of the box, pfSense works. Any complexity is user implemented.
The $50 T420 from 2011 I have sitting on my desk with a single NIC paired with a $30 switch will easily outclass a high end SOHO router...